Mesos-DNS favors "host" over "networkinfo"

Description

mesos-dns.json includes the following line:
"IPSources": ["host", "netinfo"]

This breaks early IP-per-container integration in DC/OS as DNS lookups will return the container's host IP instead of the routable container IP.

This is a request to flip that ordering so IP-per-container networking can work in DC/OS.

Activity

Cody Maloney
April 27, 2016, 7:53 PM

You can set mesos_dns_ip_sources in the config.yaml when doing an "Advanced" install in order to change that. Whatever is set there pipes into the Mesos-DNS configuration.

The reason the default is set the way it is is that changing it / having it be the reverse broke a number of clusters / services as things would report docker internal IPs.

Daniel Osborne
April 29, 2016, 7:16 PM

I believe your statement about mesos-dns reporting docker internal IPs is inaccurate.

Docker-bridge tasks do not have a filled in networkInfo, which means mesos-dns falls back to reporting the task's host IP as expected.

The situation you've described will only happen if the user fills in the ipAddress field of their Marathon app definition AND launches the task on the bridge network. By specifying a non-empty ipAddress field, Marathon will populate the app's NetworkInfo, and Mesos will fill it with the tasks' (unreachable) docker IP. But this situation should never happen as filling in both fields is unsupported to begin with.

Cody Maloney
April 29, 2016, 8:27 PM

I have most definitely spent many hours debugging that with various combinations of Mesos and Mesos-DNS. Definitely has happened. Newer Mesos is better. networkInfo first broke DCOS 1.5 -> 1.6 upgrades.

Sargun Dhillon
May 3, 2016, 8:20 AM

DCOS out of the box for most people has netinfo set to the bridge IP of the Docker container. Changing the default network sources would render all of the customers without using early IP per container integration without working Mesos DNS.

Anonymous
May 3, 2016, 10:03 PM

I was wrong, you guys are correct. Mesos-DNS is returning docker bridge IPs regardless. This unfortunately means it's impossible to use Mesos-DNS with ip-per-container tasks running alongside non-ip-per-container ones. This will affect the CNI work currently being done. I'll follow up on this bug in core Mesos or Mesos-DNS.
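
The ordering trade-off discussed in this thread, as an added example that is not part of the original issue and is not Mesos-DNS source code. It is a simplified model of the ordered IPSources fallback (first source that yields an address wins); the Task type, the resolveIP and sampleTasks functions and all addresses are constructed for illustration.

```go
package main

import "fmt"

// Task is a constructed, simplified view of a task record (not a Mesos type).
type Task struct {
	Name      string
	HostIP    string // IP of the agent the task runs on
	NetInfoIP string // IP reported through NetworkInfo; empty if not populated
}

// resolveIP walks the configured sources in priority order and returns the
// first non-empty address, modelling the "IPSources" fallback list.
func resolveIP(t Task, sources []string) string {
	for _, s := range sources {
		switch s {
		case "host":
			if t.HostIP != "" {
				return t.HostIP
			}
		case "netinfo":
			if t.NetInfoIP != "" {
				return t.NetInfoIP
			}
		}
	}
	return ""
}

// sampleTasks returns constructed tasks covering the three cases in the thread.
func sampleTasks() []Task {
	return []Task{
		{"ip-per-container", "10.0.0.5", "192.168.10.7"}, // routable container IP
		{"docker-bridge", "10.0.0.6", "172.17.0.2"},      // bridge IP, unreachable off-host
		{"host-network", "10.0.0.7", ""},                 // NetworkInfo not populated
	}
}

func main() {
	orders := [][]string{{"host", "netinfo"}, {"netinfo", "host"}}
	for _, order := range orders {
		fmt.Println("IPSources:", order)
		for _, t := range sampleTasks() {
			fmt.Printf("  %-17s -> %s\n", t.Name, resolveIP(t, order))
		}
	}
}
```

With "host" first, every task resolves to its agent IP, so the IP-per-container task never gets its routable address; with "netinfo" first, the bridge task resolves to an address that is unreachable from other hosts. Neither ordering is correct for both kinds of task at once.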

Won't Do

Assignee

Sargun Dhillon
